eCommerce has exploded in 2020 as consumers have adapted their shopping and consumption habits due to the Covid pandemic. The swift migration from brick and mortar to online commerce is reflected in the recent quarterly earnings of payment processors and retailers. Specifically, Visa reported that, despite total payment transactions being down by 10% last quarter, its U.S. card-not-present transaction volume has increased by more than 25% each week since the beginning of April. Similarly, Target announced that not only have its digital sales tripled but it has added 10 million new digital customers in the first half of 2020.
This eCommerce boom—with a dramatic increase in card-not-present (“CNP”) transactions—presents payment card issuers with a security conundrum. As the robust authentication protection of the EMV chip is not present in a CNP transaction, e-commerce transactions are more vulnerable to organized fraudsters. As a result, issuers and their payment processors rely primarily on software-based anti-fraud authentication tools to screen transactions for potential fraud. The sensitivity of these tools can be adjusted but there is a proportional relationship between robust screening and false declines of legitimate transactions.
Payment card issuers are quite sensitive about false declines of their cards because they not only lose the opportunity for the instant transaction but may also lose future opportunities if the consumer decides to start using a different payment method or issuer. Moreover, false declines are even more of a concern in the current pandemic environment because consumers are behaving in abnormal patterns that anti-fraud programs are not likely to recognize as genuine.
For example*, consumers are more often:
Buying bulk items with expedited shipping
Placing large first-time orders with new, unfamiliar merchants
Making several small purchases from a single merchant (or multiple merchants) in a short period of time
Shipping items to unfamiliar addresses, such as the home of a relative or friend
The issuer’s dilemma is balancing the need to be vigilant against fraudsters at a time when vulnerable CNP transactions are growing rapidly and consumer behavior is sufficiently erratic to render common digital anti-fraud measures less than optimal. In these circumstances what can issuers do, without impacting the cardholder experience, to maintain high levels of transaction integrity and keep false declines to a minimum?
The answer is to protect the card with a dynamic card security code.
Dynamic security codes provide an added layer of card level protection for CNP transactions.
Traditionally anti-fraud solutions for CNP transactions have been directed at the transaction stream with varying levels of success. As the focus of organized fraudsters turn to the growing category of CNP transactions, additional layers of security are needed. The best way to provide such additional security is to use dynamic security code technology to protect data at the card-level. Dynamic card security codes not only provide an additional layer of security but do not impact in any way the card holder experience during the transaction.
Although adoption of dynamic card security code technology in the US is just beginning, more than two years ago a number of European issuers, including Societe Generale and BNP Paribas, launched payment cards with dynamic card security code technology and the results have been promising. In addition, the Secure Technology Alliance, a leading payment industry trade group recently published a white paper that examined dynamic card security code technology and CNP fraud. With CNP transactions growing at such a torrid pace in the US, payment card issuer migration from static security codes to dynamic card security code technology is both needed and inevitable.